Re: Admission Control to the IETF 78 and IETF 79 Networks

Mark Atwood <mra@pobox.com> Tue, 06 July 2010 18:37 UTC

From: Mark Atwood <mra@pobox.com>
Date: Tue, 06 Jul 2010 11:37:20 -0700
Message-ID: <AANLkTim4y4Q0eJeLU6VDtkl0yAESUpzklwyaqTDUv7bO@mail.gmail.com>
Subject: Re: Admission Control to the IETF 78 and IETF 79 Networks
To: tytso@mit.edu, Phillip Hallam-Baker <hallam@gmail.com>, Iljitsch van Beijnum <iljitsch@muada.com>, IETF Discussion <ietf@ietf.org>

> As far as using certificates --- sure, it's possible to set up EAP-TLS
> using client certificates.  It can be done on Mac, Windows, and Linux.
> But the setup of that across multiple operating systems and getting
> users to correctly set up their certificates, sending a CA signing
> request securely to a central system, configuring their client WiFi
> system to deal with EAP-TLS, etc., is a usability nightmare.

That is sadly true.  However, it would still be a good idea to do at
the IETF gathering, *because* it is currently a usability nightmare.
There is not enough of both real-world experience and exposure of IETF
participant attendees to actual "tip of the spear" usability of
interesting use cases like this.

If lots of smart and networking-aware people all get the chance to do
this kind of "interop and usability" "testing" all at once, then a lot
of useful knowledge, tips, howtos, bug discovery, and application
feedback will happen, which I believe can only be a good thing towards
fixing the usability bottleneck that client certs are today.

..m